General
Target: 0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.zip
Size: 370KB
Sample: 240630-lyxw2awcnf
MD5: 8edb52503d1c2c3bf1272cc02358c1b9
SHA1: f170f6fcbe60f0771f3c6230baf52729d50b3094
SHA256: a085c799fa8f7c6cab620987327ea260551af5da063ec43f1dbcd3af71db0a37
SHA512: 732a9685d7e51f2d82adf4c422b6bc1272e50becba3b617977f6c22026b14a1b9622aa19cf6d344714c851bbab3ae364402c232bbce80fca3fed8ee807683ec3
SSDEEP: 6144:UI0i0qGZvLo4VkAbZjMsTmOSwRnds7vj92NMIpKp+JBGtG3tUcdHZoWeO:UIRyvLhVLb5TmOSwRS92NMITBGQU8oW9
Static task: static1
Behavioral task: behavioral1
Sample: 0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.cmd
Resource: win7-20240221-en
Malware Config
Extracted
xworm
5.0
korkos.now-dns.net:999
PloDJK2PhSuWy8rU
install_file: USB.exe
Targets
Target: 0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150.cmd
Size: 500KB
MD5: 6e45850d43bde1d6bc68ab6b07daf153
SHA1: 427ed64bb89e6bf40e59276768d37152c209e976
SHA256: 0a0a6608a80b982fc1f0897b89c9ffa58ba58e3c2d1c200155e47c495b0c6150
SHA512: e44ea25026d2146991e61eb82ed6028af248fb9235b271f665943b432833e3274a3e9ae9ffc912436b294e6a450337cbd251daafad11c926a41cc942042b4f81
SSDEEP: 12288:Co8xbtgA4f9Ek3aoC4QvfD2ZK1n6B4XyZYi9lGUnnQ:Co8NtsaCm1nhqD9ginQ
Detect Xworm Payload
Blocklisted process makes network request
Drops file in System32 directory